CVE-2025-5559 – WordPress TimeZoneCalculator Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-5559

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The TimeZoneCalculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘timezonecalculator_output’ shortcode in all versions up to, and including, 3.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5535 – WordPress e.nigma buttons Stored Cross-Site Scripting

Next Article CVE-2025-5540 – WordPress Event RSVP and Simple Event Management Plugin Stored Cross-Site Scripting Vulnerability

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-5559 – WordPress TimeZoneCalculator Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Guida al Gioco Open Source e Free “Daimonin”

CVE-2025-3581 – “Newsletter WordPress Plugin Stored Cross-Site Scripting Vulnerability”

Streamlining Application Automation with Laravel’s Task Scheduler

CVE-2025-52568 – NeKernal Memory Corruption Vulnerability

I tested this new AI podcast tool to see if it can beat NotebookLM – here’s how it did

CVE-2025-6222 – “WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet Arbitrary File Upload Vulnerability”

Mozilla annuncia la chiusura di Pocket

How I Built a Figma Plugin Without Coding Knowledge!

CVE-2025-5559 – WordPress TimeZoneCalculator Stored Cross-Site Scripting Vulnerability

Related Posts